System Firmware and UEFI Security

The Advanced Threat Research team has been performing security analysis on system firmware for many years. Much of this work was traditionally performed in the context of internal security validation; however, security problems in the system firmware implementations such as BIOS and UEFI firmware often affect the entire industry. Consequently, we expanded the scope of security research to help platform and BIOS manufacturers improve security of system firmware implementations. We continue publish results of this research, including tools which help increase overall confidence in the platform.

Different Methods of BIOS Analysis: Static, Dynamic, and Symbolic Execution | 2016-03-02
In this presentation, we describe different approaches to the analysis of system firmware such as BIOS, in order to identify vulnerabilities, verify implemented mitigations, and perform forensics. We describe tools for dynamic firmware analysis, including CHIPSEC, and show the Excite tool for symbolic execution analysis of BIOS SMI handlers. In this presentation we use a BIOS and SMRAM image from the Minnowboard Max. We also explain pros and cons for these methods.
Download our talk at analyze.cc.

Breaking Bad BIOS: The Art of BIOS Attacks | 2015-10-28
Recent attacks against system firmware, including Basic Input/Output System (BIOS) and UEFI, have attracted attention due to their ability to enable stealthy and highly persistent malware. Such malware may be able to bypass secure OS boot, enabling attacks on encrypted disks and allowing installation of additional malware. We presented these findings at McAfee FOCUS 15.

Symbolic Execution for BIOS Security | 2015-05-25
We are building a tool that uses symbolic execution to search for BIOS security vulnerabilities, including dangerous memory references (call outs) by SMM interrupt handlers in UEFI-compliant implementations of BIOS. Our tool currently applies only to interrupt handlers for SMM variables. Given a snapshot of SMRAM, the base address of SMRAM, and the address of the variable interrupt handler in SMRAM, the tool uses S2E to run the KLEE symbolic execution engine to search for concrete examples of a call to the interrupt handler that causes the handler to read memory outside of SMRAM. This is a work in progress. We discuss our approach, our current status, our plans for the tool, and the obstacles we face.
Joint work with Lee Rosenbaum, Mark R. Tuttle, and Vincent Zimmer from Intel.USENIX WOOT'15

S3 Resume Boot Script Vulnerability | 2015-07-30
This paper describes technical details of a vulnerability (VU #976132 / CVE-2014-8274) in the protection of EFI-based system firmware and platform configuration when resuming from the S3 sleep state. The issue was independently discovered and presented at 31C3 in December 2014. After discovering this issue, the Advanced Threat Research team has been working to notify BIOS developers and ensure that mitigations are created. We are releasing a test module for the open source CHIPSEC platform security assessment framework. This will assist users in identifying whether their platforms might be affected by this issue.

HackingTeam's UEFI Rootkit | 2015-07-14
Analysis of the commercial malware developed by HackingTeam has revealed much to the security community. Of particular interest to the ATR team is the presence of what appears to be a UEFI-based persistent infection mechanism. This analysis describes what was found. Read more.

Attacking and Defending BIOS in 2015 | 2015-06-20
At RECon 2015, researchers from the ATR team presented multiple types of recently discovered BIOS vulnerabilities and described how each class of issue is mitigated.

A New Class of Vulnerabilities: BIOS SMI Handlers | 2015-03-20
At CanSecWest 2015, ATR researchers described a class of vulnerabilities in SMI handlers, where pointer arguments are passed to the handler without input validation. Using this vulnerability, it is possible to execute arbitrary code in SMM. Download the CanSecWest 2015 presentation.

Tianocore security advisories | 2015-01-09
Modern system firmware is often based on the open source implementation of UEFI known as Tianocore. We have been contributing to the vulnerability analysis of Tianocore with some results available on the Tianocore security advisories page (advisories log).

BIOS and Secure Boot Attacks | 2014-10-30
A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as secure boot, OS loaders, and SMM. Windows 8 Secure Boot provides an important protection against bootkits by enforcing a signature check on each boot component.
This talk details some of the attacks and how they work. We demonstrate a full software bypass of secure boot. In addition, we describe underlying vulnerabilities and how to assess systems for these issues using an open source framework for platform security assessment. We cover BIOS write protection, forensics on platform firmware, attacks against SMM, attacks against secure boot, and various other issues. After watching, you should understand how these attacks work, how they are mitigated, and how to test a system for the vulnerability.
BIOS and Secure Boot Attacks Uncovered: Ekoparty 10 video
Summary of BIOS and Secure Boot Attacks: DEF CON 22 presentation
Microsoft Blue Hat Security Briefings Fall 2014: video

You Can't Recover a Brick: Hardware Security in the Enterprise | 2014-10-29
Vulnerabilities in BIOS, firmware, or hardware can lead to complete system compromise, including permanent damage. This talk will describe vulnerable areas in low-level components on devices that are deployed in an enterprise. We'll show you how to reduce risk through a demonstration of how McAfee tools validate systems during a typical denial-of-service attack scenario.McAfee FOCUS 14

Secure Boot

Last updated: 2016-04-18
The UEFI specification defines secure booting of the operating system, helping protect against bootkits (like TDL4) and other boot time attacks. However, robust implementation of Secure Boot in the system firmware is not always trivial and mistakes in the implementation can undermine protections offered by Secure Boot. As part of an ongoing effort to analyze security of system firmware, the ATR team has been performing an analysis of how recent platforms implement Secure Boot, and working with the platform and BIOS developers to correct implementation mistakes discovered during the analysis.

All Your Boot Are Belong to Us | 2014-03-20
Researchers from the ATR team and MITRE corporation (Corey Kallenberg, Xeno Kovah, John Butterwotrth, and Sam Cornwell) teamed up to identify how Secure Boot can be bypassed on modern systems. At CanSecWest 2014, they delivered a joint presentation detailing the results.
CanSecWest 2014 presentation: ATR part, MITRE part

A Tale of One Software Bypass of Windows 8 Secure Boot | 2013-07-31
Windows 8 Secure Boot based on UEFI 2.3.1 Secure Boot is an important step toward securing platforms from malware compromising boot sequence before the OS. However, there are certain mistakes platform vendors shouldn't make which can completely undermine protections offered by Secure Boot. We will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.
BlackHat USA 2013 presentation

Platform Security

Last updated: 2016-04-18

LTE and *your* laptop | 2015-08-07
With today's advancement in connectivity and internet access using 3G and LTE modems, it seems we all can have a device that's always internet capable, including our laptops, tablets, 2 in 1 devices, and ultrabooks. It becomes easier to be online without using your Wi-Fi at all. In our talk, we demonstrate and discuss the exploitation of an internal LTE modem from Huawei which can be found in a number of devices.
DEF CON 23 video is available.

USB for All! | 2014-08-08
USB is used in almost every computing device produced in recent years. In addition to well-known usages like keyboard, mouse, and mass storage, a much wider range of capabilities exist, such as Device Firmware Update, USB On-the-Go, debug over USB, and more. What actually happens on the wire? Is there interesting data we can observe or inject into these operations that we can take advantage of? In this talk, we present an overview of USB and its corresponding attack surface. We demonstrate different tools and methods that can be used to monitor and abuse USB for malicious purposes.
Joint presentation with Jesse Michael from Intel.
DEF CON 22 presentation and BSidesPDX 2014 (video)

UART THOU MAD? | 2013-07-31
Despite the fact that UART has been around forever and is actually frequently used by vulnerability researchers in the hardware space, it has not been discussed as a dedicated topic on its own. This talk is intended to fill that gap. We provide an overview of what UART is, the tools that exist to work with it, and provide examples of why a security researcher should care. We also explore why UART is a powerful friend for anyone who likes to repurpose hardware. We will also provide BKMs for companies building products that include UART to decrease the likelihood it will be used against them.
Joint presentation with Toby Kohlenberg from Intel.Black Hat USA 2013 (presentation, paper, video) and BSidesPDX 2013.

Evil Maid Just Got Angrier: Why Full-Disk Encryption with TPM Is Insecure on Many Systems | 2013-03-20
Security features like full-disk encryption solutions rely on protections of the underlying firmware and hardware. Often, system firmware (BIOS) doesn't use or incorrectly configures protections offered by hardware. This work demonstrates that software full-disk encryption solutions are still subject to Evil Maid attacks when firmware fails to correctly utilize hardware protections, even when they rely on Trusted Platform Module to protect contents on the system drive from attacks that tamper with system firmware.
CanSecWest 2013 presentation